How Did The Walmart Spy Intercept Text Messages?

No one knows for sure which technique the Walmart spy used to intercept text messages between media relations staff and the New York Times, but Slate has a few guesses. This is their best one:

It’s also possible to intercept unencrypted or poorly encrypted messages directly as they’re broadcast over cellular channels. (If the network uses sophisticated encryption, you might be out of luck.) To steal messages with your phone, you would need to upload illegal “firmware” onto your phone. This essentially turns your phone into a radio and allows it to pick up all the texts broadcast on a given channel–instead of limiting you to the ones addressed to you. You’d also need to know the network for the target phone–Verizon, Cingular, T-Mobile, etc.–and you’d have to make sure that both your phone and the target are within range of the same base station. This method isn’t too expensive since you don’t need much more than a computer, a phone, and some firmware that any serious techie could find online for free.

Hmm. We do not know anything about illegal firmware, so we’ll take Slate’s word on that.

Guess we’ll have to curb the hot and heavy txts to Walmart’s delicious PR people. Someone could be listening…. —MEGHANN MARCO

Comments

It’s kind of creepy to think that somebody might have been “listening in” on some of the texts my ex-girlfriend and I used to send. Is there no safe way to have a kinky convo with your girl while others are present anymore? Of course, the odds that any of our texts were intercepted are so low as to be considered negligible (so I choose to believe), but still…

These problems are far less likely with GSM operators, as the air interface is encrypted by default. On most handsets there is an indicator if the ciphering is switched off (this sometimes happens in high-load situations like New Year’s Eve).
Of course, if you have someone shady located inside the operator, then nothing is safe. Text and picture messages are stored on servers, much like emails, and voice travels unencrypted around the internal network.

While one could certainly intercept text messages on a per-channel basis, this would still take some fairly sophisticated hacked firmware, programming cables and software for the phone, and in the case of someone reading every text message coming off every RF channel at a particular cell site, it would be a pretty big task.

It certainly would be a lot easier to sniff for packets through the carrier’s internal network if you had access to it, and even easier still to just have the target phone cloned.

It would also be possible to read text messages using the appropriate test equipment. Hewlett-Packard (now Agilent) makes test equipment for service technicians that can monitor voice and text. This equipment is manufactured for legitimate cell-site alignment and troubleshooting purposes, but it certainly could be used to “listen in” on unencrypted test traffic. It would, however, take somebody who knew exactly what they were doing. It’s also highly illegal to do so if you’re not a technician in the process of performing your job, and the equipment isn’t cheap.

The safe way to think about communications is that with the exception of specifically encrypted traffic, any unencrypted voice or data traffic can be intercepted fairly easily by somebody somewhere (just ask the US government!). Even if it’s encrypted going out over the air or through SSL, it’s often stored on a hard drive in unencrypted form, so there’s a vulnerable point too.

Personally, I’d keep any plans for world domination written on cocktail napkins.